Rapid7 Blog

Metasploit Wrap-up

Document ALL THE THINGS!

This release sees quite a bit of documentation added, with a module doc from bcoles and four new module docs from newer docs contributor Yashvendra. Module docs can be viewed with info -d and are extremely helpful for getting acquainted with a module's capabilities and limitations. We greatly value these contributions because, while not cool h4x0r features by themselves, each one means that fewer people have to read the code to understand how to effectively use all the 1337 stuff the rest of us write.

To that end, we are releasing a new way to add detailed documentation to the output of the help command. Metasploit has well over 100 different commands in its various modes, and all that the help command tells you about them is which flags they take, with a short, often generic description for each. This can make some commands, like route or execute, take a lot of trial and error to learn, let alone to triage bugs in. The first subject of my focus was the repeat command, since there were no guides or documentation for it from any source except another wrap-up, and I have more in the works.

You might ask, "Adam, do you think you can document all of Metasploit?" No, I do not, but I think we can together. We would love pull requests to help backfill the console documentation, so if you run across a command you don't know and want to figure it out, or want to make sure your favorite is documented so that other people can embrace the awesomeness, please send some sweet, sweet docs our way. Keep an eye on our wrap-ups to see what cool functionality we uncover and document!

Four out of five modules agree: Hacking is fun

Out of the five modules added this week, four (plus a mixin) were written by the amazing pedrib for the Nuuo CMS. These modules exploit various flaws, from brute-forcing session tokens to SQL injection, and target a variety of versions from 2.3 all the way to 3.5.0. With some teamwork from bcoles and jrobles-r7, we now have some tasty coverage for another enterprise central management system.

The sum of a lot of little parts

Our fearless leader busterb got an itch over this last week looking at our high open PR count and got a lot of little things over the line that had stalled for one reason or another. There are a lot of good fixes and small features listed below from familiar and new faces, so be sure to update and check if your bug was fixed, especially if it was about RHOSTS.

Improvements

PR #11400 adds the ability for Metasploit payload generation to specify a custom section header name for where to insert a generated payload in Windows executables. It also adds the ability to specify the pad-nops option of the generate command from within msfconsole. These options mimic those added to msfvenom.

PR #11407 adds functionality to help COMMAND to display extra reference help for various commands. The reference files are stored as markdown in the documentation/cli/ directory. It also adds inaugural docs for help repeat.
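As an added illustration of the lookup described above (example code written for this post, not Metasploit's own implementation from PR #11407), the snippet below resolves a command name to a markdown file under documentation/cli/ and appends it to the short flag-style help. The module name CliHelp, the helper names and the sample repeat.md contents are assumptions; the one security-relevant detail is that the command name is validated before it is turned into a path, so a name like "../something" can never read outside the docs directory.

```ruby
require 'tmpdir'
require 'fileutils'

# Hypothetical stand-in for the "help COMMAND" reference lookup: reference docs
# are markdown files stored as documentation/cli/<command>.md under the
# framework root. Example code, not Metasploit's own implementation.
module CliHelp
  DOC_DIR = File.join('documentation', 'cli').freeze

  # Only allow command names made of word characters and dashes, so a
  # user-supplied name can never escape the docs directory (e.g. "../").
  SAFE_NAME = /\A[\w-]+\z/.freeze

  # Returns the markdown reference text for +command+, or nil when the name is
  # unsafe or no doc exists for it.
  def self.reference(command, root)
    return nil unless command.is_a?(String) && command.match?(SAFE_NAME)
    path = File.join(root, DOC_DIR, "#{command}.md")
    return nil unless File.file?(path)
    File.read(path)
  end

  # Renders the short flag-style help, followed by the reference doc when one
  # exists; commands without a doc fall back to the short help unchanged.
  def self.help_text(command, short_help, root)
    out = short_help.dup
    doc = reference(command, root)
    out << "\n\n" << doc if doc
    out
  end
end

# Builds a constructed docs tree in a temp directory so the demo runs offline.
def demo_root
  root = Dir.mktmpdir('cli-docs-demo')
  dir = File.join(root, CliHelp::DOC_DIR)
  FileUtils.mkdir_p(dir)
  # Constructed sample doc; the real repeat.md lives in the framework repo.
  File.write(File.join(dir, 'repeat.md'), "# repeat\n\nRuns a command repeatedly.\n")
  root
end

if $PROGRAM_NAME == __FILE__
  root = demo_root
  puts CliHelp.help_text('repeat', 'Usage: repeat [options] COMMAND', root)
  puts '---'
  puts CliHelp.help_text('route', 'Usage: route [options]', root)
end
```

Running the file prints the short help for repeat followed by the constructed markdown, then only the short help for route, which has no reference file in the demo tree.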

Fixes

PR #11434 fixes a stack trace reported on the creds command when private is empty.

PR #11411 fixes an issue when printing script help with -h when running Meterpreter scripts.

PR #11401 fixes tab completion when setting RHOSTS with and without having RPORT already set.

PR #11393 updates module option deregistration to work with both newer and older option names, allowing for backward compatibility with a module that wants to unregister 'RHOST' or 'RHOSTS'.

PR #11392 optimizes the display of the msf5 console shell prompt to not compute things unnecessarily. Namely, it avoids computing %L which appears to be fairly expensive and possibly leads to crashes in some circumstances.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions). PLEASE NOTE that the binary installers, and the Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the Metasploit 4 branch for the time being. Migration is underway, so you can look forward to getting Metasploit 5 in the binary installers and in third-party software distributions soon.